Thanks to David Pflug, Baptiste Jonglez, Alexis Hildebrandt, Borg, Jochen Voss,
Tomislav Čohar and Vittorio Gambaletta for their contributions to this version of tinc.

May 11th 2014

Version 1.0.24 released.

Various compiler hardening flags are enabled by default.

Updated support for Solaris, allowing switch mode on Solaris 11.

Configuration will now also be read from a conf.d directory.

Various updates to the documentation.

Tinc now forces glibc to reload /etc/resolv.conf after it receives SIGALRM.

Fixed a potential routing loop when IndirectData or TCPOnly is used and broadcast packets are being sent.

Improved security with constant time memcmp and stricter use of OpenSSL’s RNG functions.

Fixed all issues found by Coverity.

Thanks to Florent Clairambault, Vilbrekin, luckyhacky, Armin Fisslthaler, Loïc
Dachary and Steffan Karger for their contributions to this version of tinc.

April 10th 2014

Tinc is not vulnerable to the Heartbleed bug.

The Heartbleed bug
(CVE-2014-0160)
is a bug in the OpenSSL library that
affects any application that is linked to it and is making or accepting TLS
connections. Although tinc links to the OpenSSL library, it does not use the
TLS protocol, and is therefore not vulnerable.

February 7th 2014

Version 1.1pre10 released.

Added a benchmark tool (sptps_speed) for the new protocol.

Fixed a crash when using Name = $HOST while $HOST is not set.

Use AES-256-GCM for the new protocol.

Updated support for Solaris.

Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set.

Enable various compiler hardening flags by default.

Added support for a “conf.d” configuration directory.

Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when tinc-gui is run in a 64-bits Python environment.

Added a “ListenAddress” option, which like BindToAddress adds more listening address/ports, but doesn’t bind to them for outgoing sockets.

Make invitations work better when the “invite” and “join” commands are not run interactively.

When creating meta-connections to a node for which no Address statement is specified, try to use addresses learned from other nodes.

Thanks to Dennis Joachimsthaler and Florent Clairambault for their contribution to this version of tinc.

August 4th 2013

We would have hoped to
celebrate this by releasing 1.0.22 and 1.1pre8 today, but this will instead
happen in one week.

Tinc 1.1 is close to becoming stable, and I hope to release 1.1.0 before the
end of the year. The main features of tinc 1.1 are the improved security over
tinc 1.0, and a much nicer interface that makes it very easy to set up new
VPNs, and allows you to easily get live information from a running VPN. Tinc
1.1 will also feature an invitation protocol which allows you to easily invite
others to join a VPN, by simply giving them an invitation URL that you can
create with a simple command. No central servers are involved, invitees will
directly connect to your own tinc node to redeem invitations. The invitation
protocol will be available in the 1.1pre8 release.

Tinc is the work of many people. For those of you who haven’t read the
THANKS file in the source code distribution, here is a list of all the
contributors: